We have found no indication that the threat actors discovered and exploited any vulnerabilities in our products or services to gain entry.
If I were said international cyber crims I would also ransack an area of the network that made it look like I'd got in a certain way and only made off with email addresses and social security details which would keep them occupied for a fair while worrying about ID theft (as well as providing potential income and future attack avenues). In the mean time I'd be rifling the shit out of the rest of the network because, let's face it, they don't seem as if they have a f*cking clue and it's likely that's what they were after all along. I would be nervous if I were using their kit on the perimeter.
It's like a burglary when you throw the contents of some drawers on the floor and make the place look a mess whilst taking some obvious jewellery but you've also taken copies of confidential business materials and made copies of keys and hard drives - the bit you actually came for. Everyone thinks it was "just junkies" etc.
Biting the hand that feeds IT
